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(54) Cryptation system for packet switching networtcs based on digital chaotic models 



(57) A cryptation system for information transmitted 
through packet switching networks including masking 
the digital information data by combining them at the 
transmitting station with digital data of a certain code of 
cryptation before transmitting the so encrypted data 
through the network and performing an inverse decrypt- 
ing processing at the receiving station using the same 
code of encrypting, comprises generating at a transmit- 
ting station and at a receiving station, starting from a 
given pair of password codes or user k^, a certain dis- 
crete chaotic model or map of said pair of codes or key, 
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producing dynamically updated pairs of values of codes 
or keys every certain number of processing steps of 
said chaotic map, masking the data to be transmitted by 
way of a logic combination with said current dynamically 
updated keys at the transmitting station, demasking the 
data at \he receiving station by way of a logic decompo- 
sition of said digital data from said current dynamically 
updated key returning the digital data to a clear condi- 
tion. 
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Description 

FIELD OF THE iNVENTlON 

5 [0001] TTie present invention relates to a method and relative system architecture for encrypting cryptation data 
transmitted on packet switching networks. 

BACKGROUND OF THE INVENTiON 

10 [0002] The growing development of networks and broadband telecommunication services and among these of pay 
services and of the growing demand for increasingly high security standards of the privacy of the data transmitted have 
dictated a strong request for data encrypting systems and algorithms. Among the most important applications we may 
recall the encrypting video of transmission for pay TV services, of telephone oonversatfons through mobile radio sys- 
tems, of data transmitted on a telematic network (electronic signatures, telematic bank operations, telematic trading, 

IS and the like). 

[0003] Typically, telecommunication networks supporting these services are broadband networks, whose success 
is due to new network technologies and, in particular, to the flexibility of communication protocols (for example X.25, IP, 
ATM) l>ased on the so-called packet switching techniques. 

[0004] The packet switching technique is based on the segmentation of the information to be transmitted in the form 
20 of packets of digital data of adequate length depending on the needs, to which address data (header) are associated in 
order for the information to reach destinatioa With these techniques of transmission, the barxi is occupied only in pres- 
ence of an effective traffic of data to be transmitted and difforent communications of different types of traffic may co-exist 
on a unique carrier. 

[0005] if on one hand the Intemet Protocol (IP) is emerging as the platform network with greater diffusion prospec- 
25 tives, on the other harxi the advent of new systems and broadt>and media (optical fibers and coaxial cat>les) represent 
a concrete premise for offering to the users a wealth of new services based on the ATM technique (Asynchronous 
Transform Mode). In the future, the combination of service platforms such as intemet with the ATM transport technique 
may also contrilxite to accelerate the diffusion of applications based on the ATM technique. 

[0006] In this scenario, security is becoming a primary requirement for all operators of the sector because telematic 
30 services are on the increase (lx>me banking, virtual shopping, electronic trading, etc.) and they require a high degree 
of privacy of information. 

[0007] Fig. 1 shows the functfonal scheme of a secure communbation system which highliglits the presence of 
encrypting (CRYPT) and decrypting (CRYPT ^} blocks for data protection. The CRYPT block at the transmitter station 
encrypts tiie messages {dear texf) commonly through a password functfon. so that only authorized persons can 
35 retrieve the original message. The output of the encrypting (encoding) process, called cohered text, is decrypted 
(decoded) at the receiver station by way of an enciphering password. 

[0008] It has been noticed that methodologies based on chaos tiieory may be useful in cryptation techniques. 
Potentially they are much more undecryptable than traditional cryptation techniques (DES, RSA, IDEA, MD5, etc.) pres- 
entiy used in packet switching networks. 
40 [0009] A starting point for the aeation of chaotic cryptation systems are the so-called chaotic models. These, 
regardless of the meaning and the problems related to their development, are recursive systems which, given certain 
initial values, indefinitely evolve in time in a complex and unpredk:tak3le manner. 

[001 0] The following table indicates some of the most common discrete chaotic models (also referred to as maps). 
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Table 1: Mian chaotic maps 



5 


Chaotic Map 


Function 


10 


Logistic map 




Henon map 




IS 


Logarithmic map 


jr,,,=ln(a|.r„|) 




Squared map 


=o-Xl 


20 


Cubic map 


X^i - Y„ 



25 



[00111 Each chaotic series is characterized by the relative key, that is by the values of the initial state x(0) and of 
the control parameters (parameters a and b). 

30 [0012] Generally, in order to encrypt the stream of digital data without increasing the amount of transmitted infor- 
mation, the most appropriate solution to protect the information is that of masking, as shown in the example of Fig. 2. 
[0013] According to this approach, the transmitted data are masked by hiding the information signal within a more 
complex one, generated by a chaotic system, by sirrply adding the two types of data. During the reception phase, the 
opposite operation must t>e carried out, that is discriminating between the received data and the information to be 

35 locally reconstructed through a system iderrtical to that used for the transmission. 

[001 4] TTie delicate problem of synchronization which Is addressed herein, is independent from the choice of a par- 
ticular chaotic map. 

[0015] Reliability and the very high level of security are the main advantages of chaotic cryptography. 
[0016] Starting from different parameters, it is impossible to obtain two identical series even if the starting parame- 
40 ters differ very little. This is an intrinsic characteristic of chaotic systems. 

[0017] The following technical papers relate to the problem of cryptation systems for packet switching networks. 

• [1] B. Schneier, "Applied cryptography - Protocols. Algorithms and Source Code in C, John Wiley & Sons, 1994. 

• [2] D. R. Frey. Chaotic Digital Encoding: An Approach to Secure Communication, IEEE Trans Circuits Sysl-Part II, 
45 vol. 40, no. 10, pp. 660-666.1993. 

• [3] M. J. OgorzaIeK Taming Chaos: Part l-Synchronization. IEEE Trans Circuits Syst-Part I, vol. 40. na 10, pp. 693- 
6699,1993. 

[4] Q. Kdumb (n, M. P. Kennedy and L O. Chua, Tlie Role of Synchronization in Digital Communications Using 
Chaos-Part I: Fundamentals of Digital Communications. IEEE Trans Circuits Syst-Part I, vol. 44. no. 10, pp. 927- 
50 936.1997. 

• [5] F. Dachselt K. Kelber and W. Schwarz, Chaotic Coding and Cryptoanalysis, Proceedings of ISCAS "97. pp. 
1061-1064, 1997. 

• [6| William Stallings. "tPv6: The New Internet Protocol". IEEE Communications Magazine. July 1996, pp. 96-108. 

55 OBJECT AND SUMMARY OF THE INVENTION 

[0018] The aim of the invention is to provide for a cryptography system based on digital chaotic models with 
enhanced security based on an encrypting/decrypting symmetric system, employing a key that is dynamically updated 
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by the chaotic system. 

[001 9] According to a preferred embodiment of the invention, the dynamic key continuously processed by a certain 
nrxxtel or digital chaotic map. used for encrypting/decrypting the information symmetrically at the transmitter and at the 
receiver, is generated through a multitevel architecture thus to provide for a scaleable degree of security, depending on 
the user's needs; a higher degree of security being obtained at the expense of an increment of the time taken for 
encrypting/decrypting. 

[0020] The method of the invention, considers the organization of packets of crypted data with a header of data 
having a predefined and constant length, and with a payload of a variable length containing the crypted information. 
[0021] The invention is defined In the independent claims 1 and 4. and particularly effective embodiments are 
defined in the claims 2, 3 and 5. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0022] 

Figure 1 is the scheme of a cryptation system for packet switching transmission networks. 

Rgure 2 is a scheme of cryptography based on a chaotic masking. 

Rgure 3a shows a ayptography scheme of the invention with a second level key. 

Figure 3b shows the chaotic evolution of the state, refen^ed to the scheme of Rg. 3a. 

Rgure 3c shows the chaotic evolution of the control parameter, referred to the scheme of Rg. 3a. 

Rgure 3d shows a cryptography scheme of the invention with a third level k^. 

Rgure 4 shows the complete structure of a packet of crypted data. 

Rgure 5 is a detail of the header. 

Rgure 6 is a secure convnunication scheme for MPEG sequences transmitted on an ATM network. 

Rgure 7 shows the known structure of an MPEG-TS (a) packet and a detail of the 4 byte header of the MPEG-TS 

(b) packet. 

Rgure 8 shows a decoding system of MPEG sequences received through an ATM network 

Rgure 9 shows the constitution of a corresponding crypted packet according to the present invention. 

Rgure 10 shows the architecture of the cryptography model according to the invention. 

Rgure 11 is a detail of the FUNC module of the architecture of Rg. 10. 

Rgure 12 shows the organization of the RAM memory of the cryptography module. 

DESCRIPTION OF THE INVENTION 

[0023] The key used for the masking sequence is composed by two elements or codes: 

• State (64 bits) 

Control parameter (64 bits) 

[0024] The combination of these two elements constitutes the key which permits to decrypt the crypted message 
or to encrypt a message. 

[0025] The system of the invention is based on a symmetrical cryptography algorithm witii a dyrtamic key of a cha- 
otic type. In particular, the system dynanvcally iqxiates both the State arxi the Control parameters of the chaotic series 
or map tiiat is used for masking the information. Even, the laws of updating the initial State and Control parameters, or 
of the plurality of such elements in case of a scaleable multilevel scaleable implementation of the method of the inven- 
tion, are of the chaotic type. 

[0026] In practice, the user has at his disposal a double key, conposed of four 64 bit codes, of which the first two 
represent the Control parameter and the initial State for which a chaotic series evolves generating a succession of Con- 
trol parameters: 

• c(0),c(1).c(2).... 

the remaining two codes, represent instead tiie control parameter and the initial State from which a chaotic series 
evolves generating a succession of initial States: 

• x(0>|X(1).x(2) 

[0027] By way of an example, according to the scheme of Fig. 3a. the above mentioned two successtons may be 
obtained in the following manner. 

[0028] Initially, the chaotic function is applied to the first key. formed by the two codes Xqi Xqi. thus ot>taining the 
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Stale parameter X^. The same chaotic function is applied to the second key, formed by the two codes X02 ^-02. thus 
obtaining the Control parameter X\ . However, the latter will range between 0 and 1 and in order to assure that the 
Control parameter is between 3.5 and 4 wSI be sufficient to apply a function capable to shift it within this interval- A very 
simple function that performs such a shift is: 

5 

= x\ Off (D400 0000 0000 0000)H 

[0029] The masking value may be derived by applying the chaotic function to andX^, 

[0030] In order to encrypt or decrypt the datum it is sufficient to carry out an EXOR function or any other type of 

10 logic combination between the so generated masking value and the datum 

[0031 ] The successive masking value M2 with which encrypt the datum D2 is obtained l>y applying the chaotic func- 
tion to Xi and to M^i similarly will be obtained by applying the chaotic function to X-^ and to M2, and so forth. 
[0032] When there is a need to evolve the map related to the control parameter, the chaotic function is applied to 
Xi and thus obtaining the state Xg; the same chaotic function is applied to X\ and Xo2» thus obtaining the control 

15 parameter which may be shifted to the appropriate range by the single functton 

X2 = X2OR (D400 0000 0000 0000) H. 

[0033] A new masking value will be defined by applying the chaotic function to X2 and X2. 
20 [0034] It should be noted that the masking value is comprised between 0 and 1 , therefore its 64 bit corresponding 
value will have the two most significant bits at 0 (this originates from placing by way of example 2^^ = 1). This could 
impede the masking of the two most significant bits of the datum to be crypted. The problem may be solved simply by 
copying (only for the masking phase) the two bits of weight 60 and 61 into the two most significant bits or in any case 
giving to these two bits (63, 64) any casual values. 

25 

SCALEABLE MULTILEVEL CHAOTIC KEY 

[0035] It is possible to further generalize the algorithm of the invention for generating the keys that govern the 
dynamic masking of the information, by implementing a scaleable multilevel key generation architecture. 
30 [0036] As depicted in Fig. 3b. the initial State and the Control parameters of the n-th stage are generated in the pre- 
ceding stage with a chaotic law. This has two advantages: 

1) the system has a scaleable security degree; 

2) the output masking sequence has an enhanced unpredictability. 

35 

[0037] Of course, with a multilevel structure, it will be necessary to account either for an increment of the processing 
time, in case of a sequential implementation of the entire multilevel architecture, or for an increment of the required sil- 
icon area in case of a parallel implementation of the multilevel architecture. 

[0038] Hence, the selection of the degree of security may be conditioned in some cases by speed requisites of data 

40 processing of the particular application. 

[0039] More in general, the scaleable multilevel architecture may be structured as a unkjue processing block 
receiving as input besides the key of cryptation, also the desired security level for the specif y application. 
[0040] Naturally, the dynamic of the CM block output signals, which will l^e used in the successive stage, must be 
adapted to be appropriate as a Control parameter in the successive stage. In case of a fogistic map, this adaptation may 

45 be done by implementing an OR between the CM brfock output which processes the map and the hexadecimal value 
D400 0000 0000 0000. 

DERNmON OF THE CRYPTED PACKET 

50 [0041 1 According to a preferred embodiment of the invention, a new crypted packet (CRYPT packet) structure con- 
stituted of a header of data having a constant length and of a payload of variable length is defined as shown in the 
example of Fig. 4. 

[0042] Naturally, the packet will include the packet header (indicated with a dark tone shading in the figure) accord- 
ing tp the particular communication protocol being used. 
5S [0043] The header of the crypted data packets contains a series of fields which are useful during the encrypting of 
the information. The data header includes a first packet identifying field (PID) and a second f ieM (SID) that kfentif ies the 
data stream to which the packet belongs (for those applications based on the transmission of a plurality of different 
streams). Moreover, in those cases wherein it is possilDle to structure the information in "messages", that Is in groups of 
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CRYPT packets of a constant length, a third field (MID) identifying the message to which the packet belongs and a 
fourth field (CC) carrying inlornnation on the progressive number (continuity counter) of the packet within the message, 
may be also present. 

[0044] In such a case, the crypting may be done at the message level, that Is for each new message there is a 
change of key. Where the processing preceding the encrypting provkJes for already packeted data, the length of the 
header (HL) of the packeted data is indicated in order to prevent that such a header be encrypted. Rnally, a f ieki irxii- 
eating the payload length of the crypted packet (PL) may be included for applications where it is necessary to account 
for a payload of variable length. Since the loss of a portion of a crypted packet signifies the loss of the entire packet, it 
Is convenient to choose a PL value not excessively large. Of course, on the other hand, there is a need to guarantee a 
certain minimum length of the packet so that the ratio overhead header/jpayload k>e as small as possible. 
[0045] Rg. 5 shows the organization of the data header according to an embodiment of the invention. 
[0046] The data header of the crypted packet is subdivided into the follGwing f ieMs: 

RID (Packet IDentifler): is an klentif ler which pemiits to appropriately identify the packet as a CRYPT packet. 
SID (Stream IDentifier): is the unique identifier of the stream (i.e. a f ilnried sequence) to which the packet belongs. 
It inplicitiy permits to establish when shouki stop tiie encrypting of a certain stream and start the encrypting of 
anotiner stream. 

• MID (Message IDentifier): is the unique identifier of the message to which the packet t^elongs. It implicitly permits 
to establish when a change of key should be done. 

CC (Continuity Counter): indicates tiie numt^er of the packet within the message. It permits, during the reception 
phase, to detect an eventual loss of packets because during the transmission it is incremented one unit at the time. 

• SL (Security Level): indicates the chosen security level of protection of the information. 

HL (Header Length): indicates the length in bytes of the header of the packet of data header contained in tiie pay- 
load. For certain types of data, headerless data, its value will be 0. 

PL (Payload Length): indicates tiie length in bytes of the payk>ad of the crypted packet. It serves to maintain flie 
synchronism in case of a k>ss of crypted packets. 

[0047] The peculiarities and advantages of the system of the invention may be summarized as fblkiws: 

1 . The algorithm has a high level of security. The chaotic models, belonging to the class of polyalphabetical ciphers, 
ensure a higher degree of security than monoalphabetk: ciphers (for example DES). Moreover, the dynamic change 
of key increases even further the level of security provided by the system of the invention. The law according to 
which tiie key is dynamically updated is of the chaotic type too and the frequency of updating may be chosen taking 
into consideration tiie characteristics of the particular ^Dplication. Rnally. to prevent cryptatkm of essential commu- 
ntcation data and facilitate the use of the cryptation system, the masking is applied only to the data field (paykiad) 
of the packet. The HL field included in the header of the crypted packet permits a correct synchronization, prevent- 
ing cryptation of the header portion of the packets. 

2. According to a preferred errtoodimerrt. tiie level of security is scaleatrfe. A multilevel architecture, by employing 
the same hardware, can readily adapt the level of security to the specific application requirements. 

3. The algorithm exploits the intrinsic synchronism of the communication protocol based on the packet switched 
technique. During reception, by analyzing eventual discontinuities in the MID or CC fiekfs. it is possible to trace 
back the number of the lost crypted packets. 

4. The definition of ttie cryptography protocol provides for a certain flexibility also in the selection of the layer of 
application of the cryptography block. 

5. The structure of the crypted packet is very f lexibia It is capable to manage data streams of variable lengtiis witii 
or witiiout header. 

6. The decrypting algorithm is independent of the particular type of information transmitted (audio, video, data) and 
of the eventual processing undergone by the messages (compression, etc.). 

APPLICATION OF THE ALGORITHM OF THE INVENTION TO MPEG TRANSMISSION ON ATM NETWORKS 

[0048] The application taken into consideration by way of example is that of a secure system of communication fbr 
MPEG video sequences transmitted on an ATM network. The encrypting/decrypting architecture of tiie invention may 
be integrated in a VLSI device of a functional hardware system, such as for example a "Set Top Box" for multimedia 
applications, as schematized in Fig. 6. 
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MPEG CODING 

[0049] In terms of digital data, an MPEG video may be seen as a sequence of bits (bitstream). In particular, at the 
co-decoding level, that is at the coder output and at the decoder input, an MPEG film is delimited by sequence limiters; 

5 it always begins with a header, which contains essential coding information, such as for example: the frame size and 
the rate at which they are transmitted and the bit-rate, and terminates with a 32 bit end of sequence indicator. 
[0050] The header is followed by a variable number of groups of frames, called GOP (Group Of Pictures); these 
provide for a random access to the pictures and represent the smallest entity that may be independently decoded. A 
GOP always begins with a header and terminates in correspondence of the header of the successive GOP or with the 

10 end of sequence indicator. 

[0051] At transmission level, the MPEG bitstream is structured in MPEG packet Transport Streams (MPEQ-TS) 
constituted of a 4 byte header and a data field of 184 bytes, according to the scheme of Rg. 7. 
[0052] Typically, the header of a MPEG-TS packet has eight data fields containing: the synchronizing byte (SYNC_ 
BYTE), the identifier of the stream to which it belongs (PID) and the continuity counter (CONTINUITY_COUNTER) 

IS which, being composed of only 4 bits, zeroes itself every sixteen MPEG-TS packets. 

[0053] Rg. 8 shows a functional diagram of the case of a de-coder of MPEG sequences transmitted on an ATM net- 
work. The network interface reorders and reassembles the ATM packets received. In case of a simple uncrypted MPEG 
stream, it returns the transport level structured information, that is in packets of 188 bytes organized according to the 
MPEG-2 Transport Stream format (MPEG-TS) shown in Fig. 7. 

20 [0054] The microprocessors ^iP return the different MPEG streams from the transport level to the coding level. 
Another microprocessor, not shown in the figure, finally carries out the MPEG decoding operations. In case of en-ors or 
loss of ATM packets, the ATM interface discards the entire MPEQ-TS packet and thereafter the ^P effect a further test 
discarding packets eventually received with errors. 

[0055] By w^ of example of an applicatton, the cryptography block of the invention may be inserted at the transport 
25 level, for imposing a unique de-crypting system for all the streams, reducing the costs, the size and the complexity of 
the relative hardware architecture. 

[0056] The cryptography system introduces information data within the payload of the crypted packet and sets the 
values of the relative header, as illustrated in Rg. 9. 

[0057] During a reception phase, the CRIPT^ block performs the inverse operation (decrypting), returning the data 

30 to a transport level format. 

[0058] Due to the fact that at the transport level the MPEG-TS packets may be multiplexed and may l)elong to dif- 
ferent data streams, it is necessary to store the State of the chaotic map of each stream. 
[0059] Rg. 10 shows a hardware architecture for the cryptography model of the invention. 
[0060] The system comprises an input buffer Buff.lN, that serves to store a certain number of data which must be 

35 crypted or decrypted, an output buffer. Buff.OUT, in wNch the data are stored after having been crypted or decrypted. 
There is also a processor unit, CU, that analyzes the data stored, and controls whether the data are crypted or not. etc.. 
a FUNC module for generating the selected chaotic function, a RAM in which to store the values necessary to the crypt- 
ing/decrypting operations, such as for example the present State and the key State for each channel, the security level 
to be used for each channel, etc.. and finally, a module that performs the sum or the difference between the masking 

40 digital sequence and the data contained In the payload. 

[0061 1 As shown in Rg. 1 1 , the FUNC module may be composed essentially of basic cells executing the elemen- 
tary operations, for example in the case of the chaotic function = aX„(1 - X„) tiiat generates the logistic map, the 
FUNC module is composed of two multipliers, X, and a nxxiule, 1-, which executes the operation. "1 minus the value 
present at the input of the module". 

45 [0062] The RAM includes an array of elementary memory cells organized in a way to form a 64 bit memory per 
each address. The required RAM capacity is calculated in function of the maximum security level and the maximum 
number of channels; fbr example: 



50 



Password or key 


Security level 


Registers per channel 


Memory Capacity 


2x64 bit 


1 


1 


800 byte (100 channels) 
400 byte (50 channels) 


4x64 bit 


2 


3 


2400 byte (100 channels) 
1200 byte (50 channels) 
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(continued) 



Password or key 


Security level 


Registers per channel 


Memory Capacity 


8x64 bit 


3 


7 


5600 byte (100 channels) 
2800 byte (50 channels) 


16x64 bit 


4 


15 


12000 byte (100 channels) 
6000 byte (50 channels) 



[0063] Beside the information inherent to the different States and to the current Keys relative to each Channel, the 

RAM contains data for allowing the CU to recognize the security level that must be used for each channel. 

[0064] In the example, 4 bits are used to define the security level for each channel, if there are 100 channels, 

besides the processing data area a further data storage areas of about 56 bytes must be accounted for. 

[0065] The CU module is programmable. When the cfg pin is activated (such as for example after a reset) the data 

acquisition will not be interpreted as data to be crypted or decrypted, instep they will be configuring data (for example, 

setting the security level for each channel, etc.). 

COMPUTING ASPECTS 

[0066] By way of example, the operations necessary to encrypt a whole PES packet in case a security level of up 
to level 2 and a logistic chaotic function are chosen, are reported in the following tat)les. 
[0067] Let: 

Xki = the Initial State relative to the k-th chaotic nnap of the i-th level; 

Cki = the Control parameter relative to the k-th chaotic map of the i-th layer; 

A = register of the present State of the chaotic map; 

B = register of the Control parameter of the chaotic function; 

F = the chaotic function output; 

Lik = register storing the relative output of tiie k-th chaotic map of the i-th layer; 

C = register storing the output of the chaotic function; 

D = register storing the datum to be crypted; 

S = register storing the result of the masking sum/subtraction. 



STEP 


OPERATION 


NUMBER OF CYCLES 


0 


PES ACQUISITION 


(188+16 )*2 


1 


CALCULATION RAM ADDRESS CONTAINING THE 
NUMBER OF LEVELS OF THE CURRENT CHANNEL 


MAX 10 


2 


READING N*^ OF LEVELS FROM THE RAM 


2 


3 


PROCESSING THE DATUM RELATIVE TO THE N* OF 

LEVELS 


4 


4 


READXll FROM RAM 


2 


5 


Xll => A 


1 


6 


READ Cl 1 FROM RAM 


2 


7 


Cll =>B 


1 



r 
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5 


8 


STORE FIN RAM (Lll) 


2 




9 


READX21 FROM RAM 


2 




10 


X21 =>A 


1 


10 


11 


READC21 FROM RAM 


2 


12 


C21 => B 


1 




13 


STORE F IN RAM (L21); F => B 


2 


IS 


14 


READLll FROM RAM 


2 


15 


Lll => A 


1 




16 


STORE F IN RAM (L12); F => C; DATUM => D 


2 




17 


S => OUT (FIRST DATUM) 


8*2 


20 


18 


F=>B 


1 




ly 


STORE F IN RAM 1 Z^, r C, UA 1 UM U 








5 — ^ OUT ^atCOrlU UA 1 UM^ 




25 


21 


F=> B 


1 




22 


STORE F IN RAM {L12); F => C; DATUM => D 


2 




23 


S => OUT (THIRD DATUM) 


8*2 


30 


24 


PES ACQUISITION 


(188+16 )*2 




25 


CALCULATION RAM ADDRESS CONTAINING THE 
NUMBER OF LEVELS OF THE CUKRErn LHANNtL 


MAX 10 


35 


ZD 


READING N OF LEVELS FROM 1 nb KAM 






O^ 


PROCESSING THE DATUM RJcLATIVt TO IMt N Or 
LEVELS 


A 
*T 


40 


28 


READXll FROM RAM 


2 


29 


Xll => A 


1 




30 


READ Cl 1 FROM RAM 


2 


45 


31 


Cl 1 => B 


1 


32 


STORE F IN RAM 


2 




33 


READ X21 FROM RAM 


2 




34 


x21 => a 


1 


50 


35 


READ C2 1 FROM RAM 


2 




36 


C2l => B 


I 



55 
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37 


STORE F IN RAM (L12); F => B 


2 


38 


READ Ll 1 FROM RAM 


2 


39 


Ll 1 => A 


1 


40 


STORE F IN RAM ^Ll2'^' F => C' DATUM => D 


2 


41 


S => OIJT Tfirst dati jm^ 




49 


p => o 
r D 


1 

I 


43 


STORE F IN RAM (l12); F => C; DATUM => D 


2 


44 


S => OUT (SECOND DATUM) 


8*2 


45 


F=>B 


1 


46 


STORE F IN RAM (Ll2); F => C; DATUM => D 


2 


47 


S =>OUT (THIRD DATUM) 


8*2 




TOTAL 


1758 




MAXIMUM TIME BETWEEN A PES PACKET AND THE 
FOLLOWING ONE 


40.000 



[0068] As it may be observed, the time requisites are satisfied because the total number of clock cycles required is 
less by an order of magnitude than the maximum allowed value (the processirtg tinr^e between a PES packet and the 
next Is of 40,000 cydes). Since the major computing burden is for the acquisition of the PES packetp it may be easily 
verified that even the highest security levels (3 and 4) satisfy the above mentioned time constraints. 

Claims 

1. A cryptation system for information transmitted through packet switching networks including masking the digital 
information data by combining them at the transmitting station with digital data of a certain code of cryptation before 
transmitting the so encrypted data through the network and performing an irrverse processing or decrypting at the 
receiving station using the same code of erK:rypting. characterized in that it comprises the following steps: 

generating at a transmitting station and at a receiving station, starting from a given pair of password codes or 
user key, a certain discrete chaotic model or map of said pair of codes or key. producing dynamically updated 
pairs of values of codes or key everys certain number of processing steps of said chaotic map: 
masking tiie data to be transmitted by way of a logic combination with saki current dynamically updated keys 
at the transmitting station; 

demasking the data at the receiving station by way of a logic decomposition of saki digital data from sakI cur- 
rent dyr^amically updated key returning Vne digital data to a clear conditk>n. 

2. The method according to claim 1, characterized in tfiat a sequence of chaotically evolving masking data, corre- 
sponding to a dynamically updated input key according to a certain chaotic map, to be summed to the infbrmation 
data at tiie transmitting station and to be subtracted from the received data at tiie receiving station, is generated t>y 
a multilevel architecture system, a dynamically updated key output by a level representing the input key of a suc- 
cessive level and so forth until a last level outputting said masking data; 

an architectural level processing a dynamically updated by a preceding architectural level input key and output- 
ting a dynamically updated liey according to a certain discrete chaotic model or chaotic map independentiy 
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chosen from a plurality of chaotic models for said two archrtedural levels. 

3. The method according to daim 1 or 2,0 characterized in that a crypted data packet has a structure comprising 
header of a constant length and a payload of variable length wherein crypted information data are introduced; 

the header of the crypted packet having at least seven fields: 

PID (Packet IDentifler): is an identifier which permits to appropriately identify the packet as a CRYPT 
packet. 

SID (Stream IDentifier): is the unique identifier of the stream (i.e. a filmed sequence) to which the packet 
belongs. It implicitly permits to establish when shouM stop the encrypting of a certain stream and start the 
encrypting of another stream. 

MID (Message IDentifier): is the unique identifier of the message to which the packet belongs. It impricitly 
permits to establish when a change of k^ shouki be done. 

CC (Continuity Counter): indicates the number of the packet within the message. It permits, during the 
reception phase, to detect an eventual loss of packets because during the transmission it is incremented 
one unit at the time. 

SL (Security Level): indicates the chosen security level of protection of the information. 

HL (Header Length): indicates the length in bytes of the header of the packet of data header contained in 

the payload. For certain types of data, headerless data, its value will be 0. 

PL (Payload Length): indicates the length in bytes of the payload of the crypted packet. It serves to main- 
tain the synchronism in case of a loss of crypted packets. 

4. A receiving/transmitting station of a packet switching network including a system for encrypting/decrypting informa- 
tion being transmitted and/or received by masking digital infbrmation data with data of a certain cryptography key, 
comprising an interface of connection to the networi^ (INTERFACE ATM), a module of encrypting or decrypting 
(CRIPT*^) the data and one or more decoding and processing pipelines of received data (mR MPEG'\ ...), said 
module (CRIPT*"^) comprising an input buffer (Buff. IN) storing a certain quantity of input data to be crypted or 
decrypted, an output buffer (Buff.OUT) storing the decrypted or crypted data, a control unit (CU), a RAM menx>ry 
storing data necessary for the cryption/decryption operation and a module (±) summing or subtracting a sequence 
of said masking data to or from a sequence of informatfon data to be crypted or decrypted, characterized in that it 
comprises 

a module (FUNC) generating a certain chaotic function, chosen among a plurality of selectable chaotic func- 
tions, starting from a pair of codes or passwords constituting a starting key read by said control unit (CU) ana 
input to said processing module (FUNC); 

tiie pair of codes identifying a current state of ev^olutfon of said chaotic function as produced by saki nrxxiule 
(FUNC) being periodically updated in said RAM memory for each communication channel and constituting the 
cunent masking data of the transmitted information, which are dynamically updated every certain number of 
clock pulses of processing of said chaotic function. 

5. The receiving-transmitting station according to claim 4, wherein the encryption/decryption architecture is multilevel 
and the level of security of tiie encrypting/decrypting processing is scaleable depending on the requisites of a spe- 
cific application. 
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Fig. 3a Masking with chaotic key of second layer 
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Fig. 3b State evolution 




Fig. 3c Parameter control evolution 
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Fig. 3d Masking with chaotic key of third layer 
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